From: Ben Pfaff <blp@nicira.com>
Date: Fri, 9 Jan 2009 22:30:25 +0000 (-0800)
Subject: rconn: Fix segfault when the idle timeout races with connection failure.
X-Git-Url: https://pintos-os.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e78d0d423ad9afbb60fdad0fabd7d61f605facc8;p=openvswitch

rconn: Fix segfault when the idle timeout races with connection failure.

Noticed in Xen VM migration torture test (thanks Henrik!)
---

diff --git a/lib/rconn.c b/lib/rconn.c
index f3dd6aa7..910c1ced 100644
--- a/lib/rconn.c
+++ b/lib/rconn.c
@@ -385,10 +385,14 @@ run_ACTIVE(struct rconn *rc)
 {
     if (timed_out(rc)) {
         unsigned int base = MAX(rc->last_received, rc->state_entered);
-        rconn_send(rc, make_echo_request(), NULL);
         VLOG_DBG("%s: idle %u seconds, sending inactivity probe",
                  rc->name, (unsigned int) (time_now() - base));
+
+        /* Ordering is important here: rconn_send() can transition to BACKOFF,
+         * and we don't want to transition back to IDLE if so, because then we
+         * can end up queuing a packet with vconn == NULL and then *boom*. */
         state_transition(rc, S_IDLE);
+        rconn_send(rc, make_echo_request(), NULL);
         return;
     }